Описание
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:eigentech:natural_language_processing:3.10.1:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00901
Низкий
7.6 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.
EPSS
Процентиль: 75%
0.00901
Низкий
7.6 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other